TY - GEN
T1 - Device-agnostic Firmware Execution is Possible
T2 - 36th Annual Computer Security Applications Conference, ACSAC 2020
AU - Cao, Chen
AU - Guan, Le
AU - Ming, Jiang
AU - Liu, Peng
N1 - Publisher Copyright: © 2020 ACM.
PY - 2020/12/7
Y1 - 2020/12/7
N2 - With the rapid proliferation of IoT devices, our cyberspace is nowadays dominated by billions of low-cost computing nodes, which are very heterogeneous to each other. Dynamic analysis, one of the most effective approaches to finding software bugs, has become paralyzed due to the lack of a generic emulator capable of running diverse previously-unseen firmware. In recent years, we have witnessed devastating security breaches targeting low-end microcontroller-based IoT devices. These security concerns have significantly hamstrung further evolution of the IoT technology. In this work, we present Laelaps, a device emulator specifically designed to run diverse software of microcontroller devices. We do not encode into our emulator any specific information about a device. Instead, Laelaps infers the expected behavior of firmware via symbolic-execution-assisted peripheral emulation and generates proper inputs to steer concrete execution on the fly. This unique design feature makes Laelaps capable of running diverse firmware with no a priori knowledge about the target device. To demonstrate the capabilities of Laelaps, we applied dynamic analysis techniques on top of our emulator. We successfully identified both self-injected and real-world vulnerabilities.
UR - http://www.scopus.com/inward/record.url?scp=85098076806&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85098076806&partnerID=8YFLogxK
U2 - 10.1145/3427228.3427280
DO - 10.1145/3427228.3427280
M3 - Conference contribution
AN - SCOPUS:85098076806
T3 - ACM International Conference Proceeding Series
SP - 746
EP - 759
BT - Proceedings - 36th Annual Computer Security Applications Conference, ACSAC 2020
PB - Association for Computing Machinery
Y2 - 7 December 2020 through 11 December 2020
ER -